[doc]: Deployment on eg. Google Cloud Run - using --build-arg for dockerfiles

[rasmuswikman]

Describe the request

Currently there is a Dockerfile called prod.dockerfile that uses the environment file docker/.env.docker.prod.

If I understand correctly, the only way to change these variables is by editing the docker/.env.docker.prod directly when deploying to production. Either manually or by variable substitution in a CI/CD pipeline.

Possible solutions

By using --build-args in docker build command, the variables can can be specified instead of only using redacted as now in the docker/.env.docker.prod file.

Example of using --build-args in a Dockerfile:

# specified as --build-arg
ARG MAGENTO_BACKEND_URL
ENV MAGENTO_BACKEND_URL=$MAGENTO_BACKEND_URL
ARG MAGENTO_BACKEND_EDITION
ENV MAGENTO_BACKEND_EDITION=$MAGENTO_BACKEND_EDITION

Example of using --build-args in a GitHub workflow:

- name: Build and Push Container
  run: |-
    docker build \
    --build-arg MAGENTO_BACKEND_URL=${{ secrets.MAGENTO_BACKEND_URL }} \
    --build-arg MAGENTO_BACKEND_EDITION=${{ secrets.MAGENTO_BACKEND_EDITION }} \
    -t gcr.io/${{ secrets.GCP_PROJECT }}/${{ secrets.GCP_SERVICE }}:${{ github.sha }} \
    -f gcr.dockerfile .
    docker push gcr.io/${{ secrets.GCP_PROJECT }}/${{ secrets.GCP_SERVICE }}:${{ github.sha }}

Please let us know whether this is a new topic or a topic change request:

• New Topic Request (ie. missing entire topic/section)
• Topic Change Request (ie. spelling, organization)

Full working files for deployment to Google Cloud Run

Dockerfile:

FROM node:12.16.3-alpine as build
# working directory
WORKDIR /usr/src/app

# global environment setup : yarn + dependencies needed to support node-gyp
RUN apk --no-cache --virtual add \
    python \
    make \
    g++ \
    yarn

# set env variable for CI
ENV CI=true

# copy root dependency files and configs needed for install
COPY package.json yarn.lock babel.config.js magento-compatibility.js ./
COPY scripts/monorepo-introduction.js ./scripts/monorepo-introduction.js

# copy over the packages
COPY packages ./packages

# copy configuration env file from host file system to venia-concept .env for build
COPY ./docker/.env.docker.prod ./packages/venia-concept/.env

# specified as --build-arg
ARG MAGENTO_BACKEND_URL
ENV MAGENTO_BACKEND_URL=$MAGENTO_BACKEND_URL
ARG MAGENTO_BACKEND_EDITION
ENV MAGENTO_BACKEND_EDITION=$MAGENTO_BACKEND_EDITION

# install dependencies with yarn
RUN yarn install --frozen-lockfile

ENV NODE_ENV=production
# build the app
RUN yarn run build

# MULTI-STAGE BUILD
FROM node:12.16.3-alpine
# working directory
WORKDIR /usr/src/app
# node:alpine comes with a configured user and group
RUN chown -R node:node /usr/src/app
# copy build from previous stage
COPY --from=build /usr/src/app .
USER node
EXPOSE 8080
ENV NODE_ENV=production
# command to run application
CMD [ "yarn", "stage:venia" ]

Deployment file:

# ${{ secrets.GCP_PROJECT }} eg. venia-123456
# ${{ secrets.GCP_SA_KEY }} service account key in JSON format
# ${{ secrets.GCP_REGION }} eg. europe-north1
# ${{ secrets.GCP_SERVICE }} eg. venia
# ${{ secrets.MAGENTO_BACKEND_URL }} eg. https://magento.mydomain.com
# ${{ secrets.MAGENTO_BACKEND_EDITION }} eg. EE or CE

name: Google Cloud Run Deploy
on:
  push:
    branches:
      - google-cloud-run

jobs:
  deploy-gcr:
    name: Deploy to GCR
    runs-on: ubuntu-latest

    steps:
      - name: Checkout Repo
        uses: actions/checkout@main

      - name: Setup Cloud SDK
        uses: google-github-actions/[email protected]
        with:
          project_id: ${{ secrets.GCP_PROJECT }}
          service_account_key: ${{ secrets.GCP_SA_KEY }}

      - name: Authorize Docker push
        run: gcloud auth configure-docker

      - name: Build and Push Container
        run: |-
          docker build \
          --build-arg MAGENTO_BACKEND_URL=${{ secrets.MAGENTO_BACKEND_URL }} \
          --build-arg MAGENTO_BACKEND_EDITION=${{ secrets.MAGENTO_BACKEND_EDITION }} \
          -t gcr.io/${{ secrets.GCP_PROJECT }}/${{ secrets.GCP_SERVICE }}:${{ github.sha }} \
          -f gcr.dockerfile .
          docker push gcr.io/${{ secrets.GCP_PROJECT }}/${{ secrets.GCP_SERVICE }}:${{ github.sha }}

      - name: Deploy to Cloud Run
        run: |-
          gcloud run deploy ${{ secrets.GCP_SERVICE }} \
            --region ${{ secrets.GCP_REGION }} \
            --image gcr.io/${{ secrets.GCP_PROJECT }}/${{ secrets.GCP_SERVICE }}:${{ github.sha }} \
            --platform "managed" \
            --quiet \
            --allow-unauthenticated \
            --set-env-vars "MAGENTO_BACKEND_URL=${{ secrets.MAGENTO_BACKEND_URL }}" \
            --set-env-vars "MAGENTO_BACKEND_EDITION=${{ secrets.MAGENTO_BACKEND_EDITION }}"

[m2-assistant]

Hi @rasmuswikman. Thank you for your report.
To speed up processing of this issue, make sure that you provided sufficient information.

Add a comment to assign the issue: @magento I am working on this

---

• Join Magento Community Engineering Slack and ask your questions in #github channel.

[anthoula]

@magento export issue to JIRA project PWA as Story

[github-jira-sync-bot]

✅ Jira issue https://jira.corp.magento.com/browse/PWA-2842 is successfully created for this GitHub issue.

[OneCricketeer]

Hi @rasmuswikman is this ticket still necessary?

I see you have set runtime variables

--set-env-vars "MAGENTO_BACKEND_URL=${{ secrets.MAGENTO_BACKEND_URL }}" \
--set-env-vars "MAGENTO_BACKEND_EDITION=${{ secrets.MAGENTO_BACKEND_EDITION }}"

So, what is the use-case for providing build time variables with --build-arg?